MikroTik FireWall

Published on Tue Mar 01 2022

Regex used in Splunk to extract fields from Mikrotik FW.

NOTES:
- Mikrotik must be configured to use "BSD Syslog" format.
- FW rules must add the action as the log prefix: drop, accept, reject, etc.

Additional matching regexes for MikroTik FireWall

xferlog parser (proftpd, ftpd, vsftpd, etc..)

This pulls out all the fields from a standard xferlog format log. The format is specified here: http://www.castaglia.org/proftpd/doc/xferlog.html

Signature of UNIFI Protect in SPLUNK for DHCP

Pulls the DHCP Command from SPLUNK output

CSV parsing

Matches the exact fields of CSV files. Supports:
- quoted fields
- quoted fields containing commas, double quotes, and newlines
- empty fields
- empty records
- arbitrary white space inside and outside quoted fields

Brackets Items

This regex extracts all words in square brackets [].

Timecode

Regex to match standard timecode format.

Request mask idea

Do you like APIs and Node.js as I do? Then this must be for you. Have you noticed that all the famous APIs have a common functionality? The ability to request partial responses with masks, so if you have a friend list you may want to return only a few fields, you know, just in case. You will end up requesting something like /me/friends?fields=name,email,address. But you may also want to return complex references like your friend's friends, so this regex lets you match things like name,email,address,friends(name,email) as the 4 fields they are; then you can use a portion of the regex to extract the inner fields. Why the fancy introduction? We need some context :P Enjoy.

nginx log parser

Separates nginx log lines into database table-style fields.

extract twitter username from url

Adopted from one of the answers at: http://stackoverflow.com/questions/5948051/regex-extract-twitterusername-from-url

Splunk log regex

Regex to parse a space-separated log message from Splunk. Test string:

```
ugi=flink ip=172.18.214.55 cmd=source:172.18.214.55 alter_table: hive.net_seed.netdebugnetworkconnectionstatereadysnapshotcapturedevent newtbl=netdebugnetworkconnectionstatereadysnapshotcapturedevent ugi=root ip=172.19.212.146 cmd=source:172.19.212.146 get_table : tbl=hive.nlx_dev.marrsqueryrewritecontextevent
```